QUESTION 12From the Microsoft Azure Active Directory (Azure AD) Identity Protection dashboard, you view the risk events shown in the exhibit. (Click the Exhibit tab.)You need to reduce the likelihood that the sign-ins are identified as risky.What should you do?

A. From the Security & Compliance admin center, create a classification label.B. From the Security & Compliance admin center, add the users to the Security Readers role group.C. From the Azure Active Directory admin center, configure the trusted IPs for multi-factor authentication.D. From the Conditional access blade in the Azure Active Directory admin center, create named locations.

Answer: D

QUESTION 13You implement Microsoft Azure Advanced Threat Protection (Azure ATP). You have an Azure ATP sensor configured as shown m the following exhibit.How long after the Azure ATP cloud service is updated will the sensor update?

QUESTION 14Your company has a Microsoft 365 E5 subscription.Users in the research department work with sensitive data. You need to prevent the research department users from accessing potentially unsafe websites by using hyperlinks embedded in email messages and documents. Users in other departments must not be restricted.What should you do from the Security & Compliance admin center?

A. Create a data toss prevention (DLP) policy that has a Content is shared condition.B. Modify the default safe links policy.C. Create a data loss prevention (DLP) policy that has a Content contains condition.D. Create a new safe links policy.

QUESTION 15You have a Microsoft 365 tenant.You have a line-of-business application named App1 that users access by using the My Apps portal. After some recent security breaches, you implement a conditional access policy for App1 that uses Conditional Access App Control,You need to be alerted by email if impossible travel is detected for a user of Appl. The solution must ensure that alerts are generated for App1 only.What should you do?

QUESTION 16A user receives the following message when attempting to sign in to https://myapps.microsoft.com:“Your sign-in was blocked. We’ve detected something unusual about this sign-in. For example, you might be signing in from a new location device, or app. Before you can continue, we need to verity your identity. Please contact your admin.”Which configuration prevents the users from signing in?

QUESTION 17The users at your company use Dropbox to store documents. The users access Dropbox by using the MyApps portal.You need to ensure that user access to Dropbox is authenticated by using a Microsoft 365 identify. The documents must be protected if the data is downloaded to an untrusted device.What should you do?

QUESTION 19You use Microsoft System Center Configuration Manager (Current Branch) to manage devices. Your company uses the following types of devices:– Windows 10– Windows 8.1– Android– iOSWhich devices can be managed by using co-management?

QUESTION 20You have Windows 10 Pro devices that are joined to an Active Directory domain. You plan to create a Microsoft 365 tenant and to upgrade the devices to Windows 10 Enterprise. You are evaluating whether to deploy Windows Hello for Business for SSO to Microsoft 365 services. What are two prerequisites of the deployment? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point.

QUESTION 21Your company has a Microsoft 365 E3 subscription.All devices run Windows 10 Pro and are joined to Microsoft Azure Active Directory (Azure AD). You need to change the edition of Windows 10 to Enterprise the next time users sign in to their computer. The solution must minimize downtime for the users.What should you use?

QUESTION 22You have a Microsoft 365 subscription.You plan to enable Microsoft Azure Information Protection. You need to ensure that only the members of a group named PilotUsers can protect content What should you do?

A. From the AADRM PowerShell module, run the set-AadrmonboardingControlPolicy cmdlet.B. From Azure Information Protection, create a policy.C. From the AAORM PowerShell module, run the Add-AadrmRoleBasedAdministrator cmdlet.D. From Azure Information Protection, configure the protection activation status.